There’s a lot of excitement around Andy Rubin’s new smartphone company, Essential—the Android creator has the pedigree, more than $300 million in funding, and a $700 phone to sell.
However, Essential, which has been taking preorders for its new handset, just made a big slip-up. Earlier this week, it shared the personal details of dozens of its prospective customers with other customers—and we’re talking sensitive stuff, like their drivers’ licenses.
According to The Verge, Essential emailed those who placed preorders with a request for photo ID, in order to verify their orders.
While some recipients theorized on online forums that this was a phishing attempt, it appears the email was not a scam. However, it was very poorly handled, as everyone responding to the email found their reply going to the original email’s other recipients, too.
“I’m actually one of the people who unfortunately responded! And now my personal information is out there for everyone to see and use as they see fit! And this is not a scam this is in fact a major F up on Essential’s part!” read one typical comment on the Essential Reddit page.
Get Data Sheet, Fortune’s technology newsletter.
“Yesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers,” Rubin wrote in a blog post.
He said Essential had added safeguards to make sure the incident wouldn’t be repeated, and offered the affected customers a year’s subscription to the identity theft protection service LifeLock.
“Being a founder in an intensely competitive business means you occasionally have to eat crow,” the former Google executive added. “It’s humiliating, it doesn’t taste good, and often, it’s a humbling experience. As Essential’s founder and CEO, I’m personally responsible for this error and will try my best to not repeat it.”
